Inspector General: 18 OPM IT Systems Lack Valid Authorization

The Office of Personnel Management’s inspector general has assessed OPM’s compliance with the Federal Information Security Modernization Act and found that over 18 of its information technology systems operate without valid authorizations.

OPM IG said in a Nov. 9 report that it performed the audit at the agency’s Washington headquarters from April 2016 to September 2016.

The IG said OPM’s continuous monitoring and security incident programs have achieved Level 2 in the Council of the Inspectors General on Integrity and Efficiency maturity model and that the agency has made changes to its vulnerability management initiative and created an inventory of network devices, servers and databases.

The report also cited a “high turnover rate of critical positions” within OPM’s data security management structure and that the agency has failed to establish a risk executive function.

OPM has not evaluated contingency plans for most of its IT systems in fiscal year 2016 and has not required multi-factor authentication to facilitate access to systems in compliance with a memorandum issued by the Office of Management and Budget.

Other security issues found in the audit include OPM’s failure to implement the agency’s lifecycle policy for all system development programs; lack of configuration baselines for all operating platforms; lack of security training among personnel; expired data security agreements between contractor-run information systems and OPM; and overdue milestones and plan of action for majority of OPM systems.

Check Also

An interagency effort led by NASA submitted a report to the National Space Council detailing the opportunities and challenges for human spaceflight in low-Earth orbit and how it could help boost economy and space exploration. The agency said Saturday, it issued the report in partnership with the departments of State and Commerce. In February, The National Space Council called on NASA to work with other federal agencies to create a national strategy for human spaceflight in LEO.

About ExecutiveGov

ExecutiveGov, published by Executive Mosaic, is a site dedicated to the news and headlines in the federal government. ExecutiveGov serves as a news source for the hot topics and issues facing federal government departments and agencies such as Gov 2.0, cybersecurity policy, health IT, green IT and national security. We also aim to spotlight various federal government employees and interview key government executives whose impact resonates beyond their agency.